Forum Academy Marketplace Showcase Pricing Features

Potential security issue in bubble?

In the sourcecode of the an app page you can see that some javascript files will be loaded.

if you open the file you can see all api connectors with the expected data result incl all fields (also the fields that are set on ignore, AND also all database/table fields (w/o values)

In my opinion this could be a interesting page to look for some provided api tokens and also to get known the database structure.

What do you think? Am I wrong?

@emmanuel

Hmm not totally sure but you can send it over to [email protected] just to be safe

seems normal.

Look here:

I know that its “by design”. But the question is - is this a potential security risk as every visitor knows exactly what kind of api-calls and responses you are using/awaiting and how the database structure looks like.

This topic was automatically closed after 70 days. New replies are no longer allowed.